Privacy Policy
How MajorBase collects, uses, and protects your personal data.
Last updated: 23 April 2026
This Privacy Policy applies to the MajorBase web application (the "Platform") available at majorbase.com and its subdomains. It is governed by the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable EU/EEA data protection law. Please read it carefully before using the Platform.
1. Data Controller
The data controller responsible for your personal data is:
MajorBase
Operated by Sneaky2x (private individual), European Union
Contact: [email protected]
Where you have questions or concerns about how your personal data is handled, please contact us at the address above.
2. Personal Data We Collect
We collect personal data in the following circumstances:
2.1 Account Registration
When you create an account or authenticate via a supported provider we receive and store basic profile information. This may include identifiers such as a user ID or username, display name, profile picture, and — where the provider makes it available — an email address. The exact data received depends on the authentication method used and the permissions granted by the third-party provider. Where a provider does not supply a real email address, a non-contact internal placeholder may be assigned solely for system identification purposes.
2.2 Account Activity
- Last login timestamp
- Account creation date
- Subscription status and plan
2.3 Tool Usage Data
The Platform provides a set of browser-based tools. The data processing model varies by tool type:
- Client-side tools: Most tools process any content you provide (such as audio files, text, or images) entirely within your own browser. No such content is transmitted to or stored on our servers.
- Server-assisted tools: Some tools require server-side processing (for example, fetching a third-party URL on your behalf or resolving network information). In these cases, only the minimum data necessary to fulfil your request is transmitted. We do not retain the submitted content beyond the duration of the request session.
- Account-linked preferences: Where a tool allows you to save settings or subscriptions (such as feed URLs or display preferences) to your account, that data is stored in association with your account and retained until you delete it or your account.
- Third-party service integrations: Some tools may act on your behalf via connected third-party accounts (such as social media platforms). Where this requires storing access tokens, those tokens are encrypted and used solely to execute the actions you explicitly request.
2.4 Technical and Log Data
Our hosting infrastructure automatically collects standard access logs including:
- IP address
- Browser type and version
- Operating system
- Referring URL
- Date and time of request
- HTTP status code
These logs are used for security, abuse prevention, and operational purposes. They are retained for a maximum of 30 days.
2.5 Cookies and Similar Technologies
We use the following cookies:
- Strictly necessary cookies: Used for authentication session management, security (CSRF protection), and core functionality. These are set automatically and cannot be disabled without breaking the Platform.
- Persistent authentication cookie: If you opt in to staying logged in, a persistent cookie stores an authentication token for a limited period.
In addition, we display advertisements served by Google AdSense (Google LLC). Google AdSense may set advertising and tracking cookies and similar technologies on your device to serve personalised or contextual advertisements, measure ad performance, and prevent ad fraud. These cookies are non-essential and are only set with your prior consent in accordance with the ePrivacy Directive. For a current list of cookies used by Google, please refer to Google's own documentation.
You can manage or withdraw your consent to advertising cookies at any time via the cookie preferences panel. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. You may also opt out of personalised advertising directly at adssettings.google.com or via the Digital Advertising Alliance opt-out.
3. Legal Basis for Processing
We rely on the following legal bases under GDPR Article 6:
| Processing activity | Legal basis |
|---|---|
| Creating and maintaining your account | Art. 6(1)(b) — performance of a contract |
| Authentication via X/Twitter or Google OAuth | Art. 6(1)(b) — performance of a contract |
| Processing your subscription and payment data | Art. 6(1)(b) — performance of a contract; Art. 6(1)(c) — legal obligation (invoicing/tax records) |
| Providing tool features, including server-assisted processing and storing account-linked preferences | Art. 6(1)(b) — performance of a contract |
| Server access logs | Art. 6(1)(f) — legitimate interests (security, fraud prevention) |
| Strictly necessary session cookies | Art. 6(1)(b) — necessary for service delivery (ePrivacy Directive exception) |
| Google AdSense advertising cookies (non-essential) | Art. 6(1)(a) — your explicit consent (ePrivacy Directive, Art. 5(3)) |
| Sending transactional emails (if applicable) | Art. 6(1)(b) — performance of a contract |
4. Third-Party Services and Data Transfers
We use the following third-party services that may process your personal data as processors or independent controllers:
4.1 X Corp. (Twitter OAuth)
When you authenticate via X/Twitter, your browser communicates directly with X Corp. X Corp. acts as an independent data controller for data processed on their platform. Please review the X Privacy Policy.
4.2 Google LLC (Google OAuth)
When you authenticate via Google, your browser communicates directly with Google. Google acts as an independent data controller for data processed on their platform. Please review the Google Privacy Policy. As Google LLC is a US-based company, data transfers from the EU are covered by Google's Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46(2)(c).
4.3 Google AdSense (Google LLC)
We use Google AdSense to display advertisements on the Platform. Google AdSense is operated by Google LLC, a US-based company. Google, as an independent data controller, may use cookies and similar tracking technologies to serve personalised advertisements based on your interests and browsing behaviour.
Data collected by Google AdSense may include your IP address, device identifiers, browser information, and browsing behaviour. It may be transferred to and processed outside the EU. Such transfers are covered by Google's Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c).
Google AdSense cookies are only loaded following your explicit consent. For more information, see the Google Advertising Privacy Policy and Google Ad Settings.
4.4 Hosting Provider
The Platform is hosted on servers located within the European Union. Our hosting provider acts as a data processor under a data processing agreement and may access personal data solely for the purpose of providing infrastructure services.
4.5 Payment Processor (if applicable)
If you subscribe to a paid plan, payment processing is handled by a PCI-DSS compliant third-party payment processor. We do not store complete payment card details. The payment processor's own privacy policy governs the processing of your payment data.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
5. Data Retention
| Data category | Retention period |
|---|---|
| Account data (profile, credentials, connections) | For the duration of your account. Upon deletion, data is removed within a reasonable period unless a longer retention is required by law. |
| Account-linked preferences and saved data | Until you delete them or your account |
| Third-party connection tokens | Until you disconnect the connection or delete your account |
| Server access logs | Up to 30 days |
| Subscription and billing records | As required by applicable tax and accounting obligations (typically up to 7 years) |
6. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access (Art. 15 GDPR): You may request a copy of the personal data we hold about you.
- Right to rectification (Art. 16 GDPR): You may request that inaccurate personal data be corrected. You can update most profile information directly in your Account Settings.
- Right to erasure / "right to be forgotten" (Art. 17 GDPR): You may request deletion of your personal data where there is no overriding legal basis for continued processing.
- Right to restriction of processing (Art. 18 GDPR): You may request that we restrict processing while a dispute is resolved.
- Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and is carried out by automated means, you may request your data in a structured, machine-readable format.
- Right to object (Art. 21 GDPR): You may object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
- Rights related to automated decision-making (Art. 22 GDPR): We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with your national supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving your request. Requests are free of charge unless manifestly unfounded or excessive.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- Encrypted data transmission via HTTPS/TLS
- Passwords stored using a one-way cryptographic hashing algorithm
- Sensitive tokens stored in encrypted form
- Server access restricted to authorised personnel only
- Regular software updates and security patching
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining appropriate safeguards.
8. Children's Privacy
The Platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will delete the data without undue delay.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users of material changes via a notice on the Platform or, where appropriate, by email. The date at the top of this page reflects the most recent revision. Continued use of the Platform after a change constitutes acceptance of the updated policy.
10. Contact
For any questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact:
MajorBase
Email: [email protected]